
Cisco Exam 200-201 Topic 4 Question 96 Discussion

Actual exam question for Cisco's 200-201 exam
Question #: 96
Topic #: 4

A member of the SOC team is checking the dashboard provided by the Cisco Firepower Manager for further isolation actions. According to NIST SP800-61, in which phase of incident response is this action?

Suggested Answer: D

According to NIST SP800-61, the incident response lifecycle consists of four phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.

When a SOC team member checks the Cisco Firepower Manager dashboard for further isolation actions, they are working within the Eradication and Recovery phase.

This phase focuses on removing the threat from the environment and recovering affected systems to normal operations.


NIST SP800-61 Computer Security Incident Handling Guide

Incident Response Phases Explained

Role of SOC in Incident Response

Contribute your Thoughts:

Ryann
2 months ago
Selection and analyze phase? Nah, that's more like what you'd do after the incident, not during the immediate response.
upvoted 0 times
...
Annabelle
2 months ago
Hope the SOC team isn't trying to 'cost-incident' their way out of this one. That would be a real doozy!
upvoted 0 times
Velda
1 month ago
A: Definitely, rushing into it could make things worse.
upvoted 0 times
...
Lazaro
1 month ago
A: Agreed, rushing into things could make the situation worse.
upvoted 0 times
...
Nieves
1 month ago
B: Yeah, they need to carefully analyze the data before taking any further actions.
upvoted 0 times
...
Jean
1 month ago
B: Yeah, they need to carefully analyze the data before taking any further actions.
upvoted 0 times
...
Refugia
1 month ago
A: I think they are in the Selection and analyze phase.
upvoted 0 times
...
Jeffrey
2 months ago
A: I think they are in the Selection and analyze phase.
upvoted 0 times
...
...
Shizue
2 months ago
I'm going with B) Preparation phase. Monitoring the dashboard is definitely part of getting ready to respond to an incident.
upvoted 0 times
Clorinda
29 days ago
I'm leaning towards D) The radiation and recovery phase. Once we isolate the threat, we need to focus on recovery and preventing future incidents.
upvoted 0 times
...
Wilda
1 month ago
I see your point, but I still think B) Preparation phase is the best fit. We need to be prepared before taking any further actions.
upvoted 0 times
...
Luis
1 month ago
I think it could also be C) Selection and analyze phase. We need to analyze the data on the dashboard to make informed decisions.
upvoted 0 times
...
Catherin
1 month ago
I agree, B) Preparation phase makes sense. It's all about being ready for any incidents.
upvoted 0 times
...
...
Elly
2 months ago
I'm not sure, but I think it could also be D) The radiation and recovery phase, as they are taking actions to isolate and recover from the incident.
upvoted 0 times
...
An
3 months ago
The Radiation and Recovery phase? Really? That sounds more like what you'd do after a nuclear incident, not a cybersecurity event.
upvoted 0 times
Louisa
2 months ago
C: Actually, it's in the Cost-incident activity phase.
upvoted 0 times
...
Rosann
2 months ago
B: No, I believe it's in the Preparation phase.
upvoted 0 times
...
Ona
2 months ago
D: I'm pretty sure it's in the Radiation and Recovery phase.
upvoted 0 times
...
Allene
2 months ago
C: Are you sure? I thought it was in the Cost-incident activity phase.
upvoted 0 times
...
Serita
2 months ago
B: No, I believe it's in the Preparation phase.
upvoted 0 times
...
Ozell
2 months ago
A: I think it's in the Selection and analyze phase.
upvoted 0 times
...
Bernadine
2 months ago
A: I think it's actually in the Selection and analyze phase.
upvoted 0 times
...
...
Agustin
3 months ago
Hmm, this seems to be in the Preparation phase. Checking the dashboard to prepare for further action is a key part of that.
upvoted 0 times
Timothy
2 months ago
I agree, checking the dashboard is crucial for preparing for further actions.
upvoted 0 times
...
Steffanie
2 months ago
Yes, you're right. It's definitely in the Preparation phase.
upvoted 0 times
...
...
Rebbecca
3 months ago
I agree with Audra, because in this phase the SOC team is analyzing the data to make informed decisions.
upvoted 0 times
...
Audra
3 months ago
I think the answer is C) Selection and analyze phase.
upvoted 0 times
...
